{include file="public/layout"/}
<body class="bodystyle" style=" overflow-y: scroll;min-width:auto;">
<div id="toolTipLayer" style="position: absolute; z-index: 9999; display: none; visibility: visible; left: 95px; top: 573px;"></div>
<div id="append_parent"></div>
<div id="ajaxwaitid"></div>
<div class="page" style="min-width:auto; ">
    <div class="fixed-bar">
        <div class="item-title">
            <a class="back_xin" href="{:url('Index/switch_map')}" title="返回"><i class="iconfont e-fanhui"></i></a>
            <div class="subject">
                <h3>安全中心</h3>
                <h5></h5>
            </div>
        </div>
    </div>
    <!-- 操作说明 -->
    <div id="" class="explanation mb15">
        <ul>
            <li>1、网站及时升级到最新版本，定时备份网站习惯。</li>
            <li>2、不要使用系统破解版或盗版插件，大概率有预留后门，已有不少用户中招。</li>
            <li>3、网站目录权限设置建议<a href="JavaScript:void(0);" class="red" data-href="https://www.eyoucms.com/plus/view.php?aid=28298&origin_eycms=1" onclick="openFullframe(this,'易优CMS目录权限设置教程，仅供参考');">【查看】</a></li>
        </ul>
    </div>
    <div class="flexigrid htitx">
        <form class="form-horizontal" id="handlepost1" method="post" enctype="multipart/form-data" action="{:url('Security/handleSave1')}">
            <div class="hDiv">
                <div class="hDivBox">
                    <table cellspacing="0" cellpadding="0" style="width: 100%">
                        <thead>
                            <tr>
                                <th class="sign w10" axis="col0">
                                    <div class="tc"></div>
                                </th>
                                <th abbr="article_title" axis="col3" class="w10">
                                    <div class="tc">后台安全中心</div>
                                </th>
                                <th abbr="ac_id" axis="col4">
                                    <div class=""></div>
                                </th>
                            </tr>
                        </thead>
                    </table>
                </div>
            </div>
            <div class="ncap-form-default">
                <!-- <dl class="row">
                    <dt class="tit">
                        <label for="web_sqldatapath">数据备份路径</label>
                    </dt>
                    <dd class="opt">
                        __ROOT_DIR__<input id="web_sqldatapath" name="web_sqldatapath" value="{$global.web_sqldatapath|default=config('DATA_BACKUP_PATH')}" class="input-txt" type="text" autocomplete="off" />
                        <p class="notic"></p>
                    </dd>
                </dl> -->
                <dl class="row">
                    <dt class="tit">
                        <label for="adminbasefile"><em>*</em>后台登录路径</label>
                    </dt>
                    <dd class="opt">
                        __SITE_URL____ROOT_DIR__/<input type="hidden" name="adminbasefile_old" value="{$adminbasefile|default='login'}"><input id="adminbasefile" name="adminbasefile" value="{$adminbasefile|default='login'}" type="text" data-site_url="__SITE_URL__" onKeyUp="this.value=this.value.replace(/[^\w\_\-]/g,'');" onbeforepaste="clipboardData.setData('text',clipboardData.getData('text').replace(/[^\w\_\-]/g,''));" style="width: 210px;" autocomplete="off" />.php
                        <p class="notic2">为了提高系统的安全性，请更改后台入口文件，可使用英文字母大小写+数字。</p>
                    </dd>
                </dl>
                <dl class="row">
                    <dt class="tit">
                        <label for="web_login_expiretime">后台登录超时</label>
                    </dt>
                    <dd class="opt">
                        <input id="web_login_expiretime" name="web_login_expiretime" value="{$global.web_login_expiretime|default=config('login_expire')}" autocomplete="off" type="text" class="input-txt" />&nbsp;秒
                        <input type="hidden" name="login_expiretime_old" value="{$global.web_login_expiretime|default=0}">
                        <p class="notic">默认3600秒等于1小时，最多不超过1个月（2592000秒）</p>
                        <p class="notic2 none red" id="tips_web_login_expiretime"></p>
                    </dd>
                </dl>
                <dl class="row">
                    <dt class="tit">
                        <label for="web_login_lockopen">登录失败锁定</label>
                    </dt>
                    <dd class="opt">
                        <label class="curpoin"><input id="web_login_lockopen1" name="web_login_lockopen" onclick="login_lockopen(this);" value="1" type="radio" {if condition="!isset($global.web_login_lockopen) || $global.web_login_lockopen == 1"} checked="checked"{/if}>开启</label>
                        &nbsp;
                        <label class="curpoin"><input id="web_login_lockopen0" name="web_login_lockopen" onclick="login_lockopen(this);" value="0" type="radio" {if condition="isset($global.web_login_lockopen) && $global.web_login_lockopen == 0"} checked="checked"{/if}>关闭</label>
                        <span class="err"></span>
                        <p class="notic">登录多次失败后，账号将被锁定一定时长</p>
                    </dd>
                </dl>
                <div id="div_login_lock" class="{if condition='isset($global.web_login_lockopen) && $global.web_login_lockopen == 0'}none{/if}">
                    <dl class="row">
                        <dt class="tit">
                            <label for="web_login_errtotal">登录错误次数</label>
                        </dt>
                        <dd class="opt">
                            <input id="web_login_errtotal" name="web_login_errtotal" value="{$global.web_login_errtotal|default=config('login_errtotal')}" class="input-txt" type="text" placeholder="不启用默认留空" autocomplete="off" onkeyup="this.value=this.value.replace(/[^\d]/g,'');" onpaste="this.value=this.value.replace(/[^\d]/g,'')" />&nbsp;次
                            <p class="notic"></p>
                        </dd>
                    </dl>
                    <dl class="row">
                        <dt class="tit">
                            <label for="web_login_errexpire">登录锁定时间</label>
                        </dt>
                        <dd class="opt">
                            <input id="web_login_errexpire" name="web_login_errexpire" value="{$global.web_login_errexpire|default=config('login_errexpire')}" class="input-txt" type="text" autocomplete="off" onkeyup="this.value=this.value.replace(/[^\d]/g,'');" onpaste="this.value=this.value.replace(/[^\d]/g,'')" />&nbsp;秒
                            <p class="notic">默认600秒等于10分钟</p>
                        </dd>
                    </dl>
                </div>
                <dl class="row">
                    <dt class="tit">
                        <label for="web_xss_filter">编辑器防注入</label>
                    </dt>
                    <dd class="opt">
                        <label class="curpoin"><input id="web_xss_filter1" name="web_xss_filter" value="1" type="radio" {if condition="!empty($global.web_xss_filter)"} checked="checked"{/if}>开启</label>
                        &nbsp;
                        <label class="curpoin"><input id="web_xss_filter0" name="web_xss_filter" value="0" type="radio" {if condition="empty($global.web_xss_filter)"} checked="checked"{/if}>关闭</label>
                        <span class="err"></span>
                        <p class="notic">XSS过滤，防止黑客利用编辑器注入恶意代码（如：inserthtml等操作）</p>
                    </dd>
                </dl>
                <dl class="row">
                    <dt class="tit">
                        <label for="web_anti_brushing">网站防止被刷</label>
                    </dt>
                    <dd class="opt">
                        <label class="curpoin"><input id="web_anti_brushing1" name="web_anti_brushing" value="1" type="radio" {if condition="!empty($global.web_anti_brushing)"} checked="checked"{/if}>开启</label>
                        &nbsp;
                        <label class="curpoin"><input id="web_anti_brushing0" name="web_anti_brushing" value="0" type="radio" {if condition="empty($global.web_anti_brushing)"} checked="checked"{/if}>关闭</label>
                        <span class="err"></span>
                        <p class="notic">开启后可以防止域名后缀加?wb=违禁词也能访问并被收录等情况</p>
                        <p class="notic2">注意：静态模式下，首页生成应该改为“动态预览”才有效果，仅对首页URL有效</p>
                    </dd>
                </dl>
                <dl class="row">
                    <div class="bot" style="padding-bottom:0px;">
                        <a href="JavaScript:void(0);" onclick="checkForm1();" class="ncap-btn-big ncap-btn-green">确认提交</a>
                    </div>
                </dl>
            </div>
        </form>
        <form class="form-horizontal" id="handlepost2" method="post" action="{:url('Security/handleSave2')}">
            <div class="hDiv">
                <div class="hDivBox">
                    <table cellspacing="0" cellpadding="0" style="width: 100%">
                        <thead>
                            <tr>
                                <th class="sign w10" axis="col0">
                                    <div class="tc"></div>
                                </th>
                                <th abbr="article_title" axis="col3" class="w10">
                                    <div class="tc">密保问题设置</div>
                                </th>
                                <th abbr="ac_id" axis="col4">
                                    <div style=""></div>
                                </th>
                            </tr>
                        </thead>
                    </table>
                </div>
            </div>
            <div class="ncap-form-default">
                {include file="security/second_ask_html" /}
                <dl class="row">
                    <div class="bot" style="padding-bottom:0px;">
                        <a href="JavaScript:void(0);" onclick="checkForm2();" class="ncap-btn-big ncap-btn-green">确认提交</a>
                    </div>
                </dl>
            </div>
        </form>
        <div class="hDiv">
            <div class="hDivBox">
                <table cellspacing="0" cellpadding="0" style="width: 100%">
                    <thead>
                        <tr>
                            <th class="sign w10" axis="col0">
                                <div class="tc"></div>
                            </th>
                            <th abbr="article_title" axis="col3" class="w10">
                                <div class="tc">病毒查杀中心</div>
                            </th>
                            <th abbr="ac_id" axis="col4">
                                <div style=""></div>
                            </th>
                        </tr>
                    </thead>
                </table>
            </div>
        </div>
        <div class="ncap-form-default">
            <dl class="row">
                <dt class="tit">
                    <label>病毒木马查杀</label>
                </dt>
                <dd class="opt">
                    <a href="javascript:void(0);" data-href="https://www.eyoucms.com/plus/view.php?aid=5946&origin_eycms=1" onclick="openFullframe(this, '快速彻底根治网站源码里的木马代码与多余可疑文件');" class="ncap-btn ncap-btn-green">查看教程</a>
                    <span class="err"></span>
                    <p class="notic"></p>
                </dd>
            </dl>
            <dl class="row">
                <dt class="tit">
                    <label>可疑恶意文件</label>
                </dt>
                <dd class="opt">
                    <a href="javascript:void(0);" data-href="{:url('Security/ddos_kill')}" onclick="openFullframe(this, '可疑恶意文件');" class="ncap-btn ncap-btn-green">在线扫描</a>
                    <span class="err"></span>
                    <p class="notic"></p>
                </dd>
            </dl>
        </div>
    </div>
</div>

<script type="text/javascript">
    $(document).ready(function(){
        $('#web_login_expiretime').keyup(function(){
            var web_login_expiretime = $(this).val();
            if (web_login_expiretime > 2592000) {
                $(this).val(2592000);
                $('#tips_web_login_expiretime').html('最多不能设置超过一个月（2592000秒）').show();
            } else if (web_login_expiretime < 60) {
                $('#tips_web_login_expiretime').html('最少不能设置低于60秒').show();
            } else {
                $('#tips_web_login_expiretime').hide();
            }
        });
    });

    function login_lockopen(obj)
    {
        var is_open = $(obj).val();
        if (1 == is_open) {
            $('#div_login_lock').show();
        } else {
            $('#div_login_lock').hide();
        }
    }

    function checkForm1(){
        // 后台登录超时
        var web_login_expiretime_obj = $('input[name=web_login_expiretime]');
        if (web_login_expiretime_obj.val() < 60) {
            showErrorMsg('后台登录超时不能少于60秒！');
            web_login_expiretime_obj.focus();
            return false;
        }

        var adminbasefileObj = $('input[name=adminbasefile]');
        var adminbasefile_oldObj = $('input[name=adminbasefile_old]');
        if($.trim(adminbasefileObj.val()) == ''){
            showErrorMsg('后台路径不能为空！');
            adminbasefileObj.focus();
            return false;
        }

        if (1 == $('input[name=web_login_lockopen]:checked').val()) {
            var web_login_errtotal_obj = $('input[name=web_login_errtotal]');
            if (web_login_errtotal_obj.val() < 2) {
                showErrorMsg('登录错误次数不能少于2次！');
                web_login_errtotal_obj.focus();
                return false;
            }
            var web_login_errexpire_obj = $('input[name=web_login_errexpire]');
            if (web_login_errexpire_obj.val() < 60) {
                showErrorMsg('登录错误次数不能少于60秒！');
                web_login_errexpire_obj.focus();
                return false;
            }
        }
        
        if(adminbasefile_oldObj.val() != adminbasefileObj.val()){
            var flag = false;
            var site_url = adminbasefileObj.data('site_url');
            layer.confirm('后台路径：<font color="red">'+site_url+'__ROOT_DIR__/'+adminbasefileObj.val()+'.php</font>，确认更改？', {
                    title: false,
                    btn: ['继续更改','取消'] //按钮
                }, function(){
                    layer_loading('正在处理');
                    setTimeout(function (){
                        $.ajax({
                            type : 'post',
                            url : "{:url('Security/handleSave1', ['_ajax'=>1])}",
                            data : $('#handlepost1').serialize(),
                            dataType : 'json',
                            success : function(res){
                                layer.closeAll();
                                if(res.code == 1){
                                    showSuccessMsg(res.msg, 500, function(){
                                        top.window.location.href = res.url;
                                    });
                                }else{
                                    showErrorMsg(res.msg);
                                }
                            },
                            error: function(e){
                                layer.closeAll();
                                showErrorAlert(e.responseText);
                            }
                        });
                    }, 1);
                }, function(index){
                    flag = false;
                }
            );
            return flag;
        }
        layer_loading('正在处理');
        setTimeout(function (){
            $.ajax({
                type : 'post',
                url : "{:url('Security/handleSave1', ['_ajax'=>1])}",
                data : $('#handlepost1').serialize(),
                dataType : 'json',
                success : function(res){
                    layer.closeAll();
                    if(res.code == 1){
                        showSuccessMsg(res.msg, 500, function(){
                            window.location.reload();
                        });
                    }else{
                        showErrorMsg(res.msg);
                    }
                },
                error: function(e){
                    layer.closeAll();
                    showErrorAlert(e.responseText);
                }
            });
        }, 1);
    }
</script>
<script type="text/javascript">
    function checkForm2(){
        var is_founder = {$admin_info['is_founder']|default=0};
        if ($('input[name=security_ask_open]:checked').val() == 1) {
            var security_ask = $('select[name=security_ask]').val();
            var security_answer = $.trim($('input[name=security_answer]').val());
            if ('add' == $('#is_ask_add_edit').val()) {
                if (0 > security_ask) {
                    showErrorMsg('请选择密保问题！');
                    return false;
                }
                if (security_answer === '') {
                    showErrorMsg('请设置密保答案！');
                    $('input[name=security_answer]').focus();
                    return false;
                }
            } else {
                if (security_answer !== '' || 0 <= security_ask) {
                    var security_answer_old = $.trim($('input[name=security_answer_old]').val());
                    if (security_answer_old === '') {
                        showErrorMsg('密保答案不能为空！');
                        $('input[name=security_answer_old]').focus();
                        return false;
                    } else {
                        if (0 <= security_ask) {
                            if (security_answer === '') {
                                showErrorMsg('请重置密保答案！');
                                $('input[name=security_answer]').focus();
                                return false;
                            } else if (security_answer === security_answer_old) {
                                showErrorMsg('重置密保答案不能与原来的一致！');
                                $('input[name=security_answer]').focus();
                                return false;
                            }
                        }
                    }
                }
            }
        } else {
            var security_ask_open = {$security['security_ask_open']|default=0};
            if (0 == is_founder && 1 == security_ask_open) {
                showErrorAlert('创始人才能关闭安全验证功能！');
                return false;
            }
            if ('edit' == $('#is_ask_add_edit').val()) {
                var security_answer_old = $.trim($('input[name=security_answer_old]').val());
                if (security_answer_old === '') {
                    showErrorMsg('密保答案不能为空！');
                    $('input[name=security_answer_old]').focus();
                    return false;
                }
            }
        }

        var falg = security_answer_submit();
        if (true !== falg) {
            showErrorMsg(falg);
            $('input[name=security_answer_old]').focus();
            // autoload_security();
            return false;
        }

        layer_loading('正在处理');
        setTimeout(function (){
            $.ajax({
                type : 'post',
                url : "{:url('Security/handleSave2', ['_ajax'=>1])}",
                data : $('#handlepost2').serialize(),
                dataType : 'json',
                success : function(res){
                    layer.closeAll();
                    if(res.code == 1){
                        if (0 == res.data.security_ask_open || 0 == res.data.is_show_answer) {
                            showSuccessMsg(res.msg, 500, function(){
                                window.location.reload();
                            });
                        } else {
                            layer.alert(res.msg, {
                                shade: layer_shade,
                                area: ['480px', '190px'],
                                move: false,
                                title: '提示',
                                btnAlign:'r',
                                closeBtn: 3,
                                btn: ['记住了'] ,//按钮
                                success: function () {
                                    $(".layui-layer-content").css('text-align', 'left');
                                }
                            }, function (index) {
                                window.location.reload();
                            });
                        }
                    }else{
                        showErrorMsg(res.msg);
                    }
                },
                error: function(e){
                    layer.closeAll();
                    showErrorAlert(e.responseText);
                }
            });
        }, 1);
    }

    function security_answer_submit()
    {
        var flag = false;
        var ask_open_old = 0;
        if (typeof __security_ask_open__ !== 'undefined' && __security_ask_open__ > 0) {
            ask_open_old = __security_ask_open__;
        }
        var ask_open = $('input[name=security_ask_open]:checked').val();
        if (1 == ask_open_old && ask_open_old != ask_open) { // 关闭验证密保答案
            
        } else { // 开启不做验证
            return true;
        }

        var answer = $.trim($('input[name=security_answer_old]').val());
        $.ajax({
            type : 'post',
            url : eyou_basefile + "?m="+module_name+"&c=Security&a=ajax_answer_verify&_ajax=1&lang=" + __lang__,
            data : {answer:answer},
            dataType : 'json',
            async: false,
            success : function(res){
                if(res.code == 1){
                    flag = true;
                } else {
                    flag = res.msg;
                }
            },
            error: function(e) {
                showErrorAlert(e.responseText);
            }
        });

        return flag;
    }
</script>

{include file="public/footer" /}